leantime/leantime Security Advisories for v2.2.7 (11)
- [LOW] Leantime allows Cross-Site Scripting (XSS)
PKSA-k31s-br81-7b39 GHSA-f679-254h-qhvj
Affected version: <3.3
Reported by: GitHub
- [MEDIUM] Leantime affected by Improper Neutralization of HTML Tags
PKSA-w13x-wff6-ds6q CVE-2025-28254 GHSA-95j3-435g-vjcp
Affected version: <3.3
Reported by: GitHub
- [LOW] Leantime has Missing Authorization Check for Host Parameter
PKSA-fgqg-8hzg-169q GHSA-3hfj-qcvj-4hx8
Affected version: <3.3
Reported by: GitHub
- [HIGH] Leantime allows Stored Cross-Site Scripting (XSS)
PKSA-fv8p-63sn-pybn GHSA-c39w-3pjx-qc7m
Affected version: <3.3
Reported by: GitHub
- [MEDIUM] Leantime allows Cross-Site Request Forgery (CSRF)
PKSA-3q5q-wmqr-m8fv GHSA-92xh-6x7v-4rmq
Affected version: <3.1.2
Reported by: GitHub
- [HIGH] Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi)
PKSA-qrsv-qxcr-xh82 GHSA-v4q9-437p-mhpg
Affected version: <3.3
Reported by: GitHub
- [MEDIUM] Leantime allows Stored Cross-Site Scripting (XSS)
PKSA-4zkv-331d-pvyx GHSA-63cr-xg3f-8jvr
Affected version: <=3.1.4
Reported by: GitHub
- [MEDIUM] Leantime allows Reflected Cross-Site Scripting (XSS)
PKSA-xcm3-d287-v564 GHSA-52xf-h226-pfgx
Affected version: <3.3
Reported by: GitHub
- [MEDIUM] Leantime has Insufficiently Protected Credentials
PKSA-m297-v654-1gjy GHSA-h6w8-27ph-c385
Affected version: <3.3
Reported by: GitHub
- [MEDIUM] Leantime allows Stored Cross-Site Scripting (XSS)
PKSA-5w56-dfbx-msf4 GHSA-mg4c-884j-pcq9
Affected version: <3.3
Reported by: GitHub
- [MEDIUM] Leantime has Host Header Injection Vulnerability
PKSA-3r44-37cz-8wwm GHSA-99r5-84gr-59f6
Affected version: <3.1.2
Reported by: GitHub